* Paul Wise:

> This sort of data is liable to be out of date if included in the
> source code of fwupd, I think this should be separate to fwupd in the
> same way that tzdata is separate to glibc and DNSSEC root keys are
> separate to DNS servers and the web PKI CAs should be separate to web
> browsers. I suggest that fwupd download it directly from the UEFI
> website and update the copy within the boot firmware that way.

It also has to be optional and disabled by default because a future dbx update may be specifically designed to stop Debian systems from booting. No Debian user will want to install such an update.